Extracted

• • Target

    9d46b723ec666db3e73ae900c474d660

  • Size

    290KB

  • MD5

    9d46b723ec666db3e73ae900c474d660

  • SHA1

    a801d00b65f847806ea5c2496c62efae283b3a94

  • SHA256

    80bb4f3c9e2ea5ea1ca55ffa2a5fd303058c240133d32b93e7c89a96712a5cba

  • SHA512

    4d26098cac7368afb62c41b3c9a06870f6ae3d1fe4883ba9a4d5755d9a2e363b2d8cba55ec637ab24362a32a2c4c362d0192659a5abd62f87c2f0b0a9ed3c9cc

  Score

  10^/10

  njratwormrattevasionpersistencetrojan

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2